Digital Society Foundation of India (DSFI) intends to make a consolidated
representation to the Reserve Bank of India on behalf of Phishing Victims to
pursue improvements in the security of Internet Banking in India. DSFI
therefore invites information from Phishing Victims with details of their
respective cases, indicating the amount lost, the bank involved, how the amount
was transferred, to which account the amount was transferred, whether a Police
complaint was preferred, whether an FIR was lodged, whether the Bank responded
to the complaint, etc. Victims may use the enclosed format if required and
elaborate with evidence, if any. All material may be sent by mail or e-mail to
the DSFI office at Bangalore: Digital Society Foundation, No 37, 20th Main,
B S K Stage I, Bangalore 560050, Ph 26603490, e-mail: dsfoundation@gmail.com.

May 21: Speaking to an audience consisting of Security officials from
different manufacturing industries, Naavi highlighted the need for an
integrated PIH approach to Security. In particular, he referred to the
"Human Risks" in a corporate entity and highlighted how a Behavioral Science
approach can be applied to identify potential insider threats and take steps
for derisking. A copy of the presentation made by Naavi
is available here.

Copyright Amendment Bill Comments Invited

May 21: A major amendment is in the offing through the Copyright
Amendment Bill. While some of the amendments are welcome and are required for
the needs of the digital era, some of the amendments are driven by the industry
and may contain many harsh provisions which consumers may find difficult to
live with. Members of the public who have views can submit them
for consolidation as indicated in this article.
Copy of the proposed amendments

Customer Recovers 1.55 lakhs from ICICI Bank

May 18: In a spin-off from the Umashankar Vs ICICI case, in which Mr
Davidar, Adjudicator of Tamil Nadu, had given a verdict in favour of the
customer, ICICI Bank has, in yet another case of security failure, returned the
defrauded amount to the customer without a legal battle. We appreciate the
approach of ICICI Bank in this case for having recognized the security
failure. However, this case highlights negligence from Reliance Infocomm and
we hope they have also learnt a lesson.
Details in BL

Renewed Interest in .XXX domain name

May 16: Several years ago, Naavi.org had discussed various ways of
regulating Porn, and one of the suggestions discussed was the creation of a .xxx
domain name extension, pushing all adult websites to this domain. It would then
become easy for regulators to block the websites if they want and for the
adult content websites to carry on their activity. This was discussed in
the article "Cultural Policing- Creating a Red Light Area on Cyber Space" on
7th March 2002. Now, after 8 years, the issue has come up for discussion once
again at ICANN. As per this article on a blog, ICANN is considering releasing
the domain name .xxx on the condition that any site registered under a .xxx
domain carries meta-tags that will be automatically picked up by the popular
browsers and allow people who want to avoid the content to easily do so.
Related Articles: Redlight area on Cyber Space : Adult pass : Legalizing Porn

May 16: The Australian Security Intelligence Agency (ASIO) is reported
to have ordered an audit of all Chinese telecom equipment installed in Australia
since it is suspected to contain the infamous "Manchurian Chip" to spy on
the network. A similar approach is required in India as well.

Google "Street View" draws flak from Privacy Protection Organizations

May 16: Google admitted that it had in its custody information
picked up from public Wi-Fi networks, which was a clear violation of privacy
norms. It has now requested permission for deletion of the information. It is
strange that the Company did not take permission to collect the information
but now realizes that it needs permission to delete the same. What Google has
done is similar to what NTRO itself did in India, snooping on private mobile
conversations of politicians.
Related Story: IE

May 16: The Government of India has taken steps to set up a security
certification agency for telecom equipment to meet the perceived security
threat from telecom equipment supplied from China. Mr N
Balakrishnan, IISC, Bangalore has been requested to suggest a framework for
the agency. This was a long pending requirement and the move needs to be
appreciated. At last it appears that the Government of India has woken up to
the security threats posed by China. These steps appear to be the
initiative of the Home Ministry, which under the leadership of Dr PC has taken
several security initiatives which were being suggested by the security
community for a long time and were being ignored.

May 12: An individual who did not password-protect his wireless routers
and allowed another person to log in in his name and download pirated music has
been fined Euro 100 (approx Rs 6000) by a Criminal Court in Germany.

May 10: The recently held global Cyber Security Summit in Dallas, Texas
highlighted the need for "Collaboration" in the field of Cyber Security. In
India Naavi has been trying to achieve some form of coordination between
different agencies and has put up several suggestions for Public-Private
Cooperation as well as Cooperation between different private sector agencies
and Police Stations. Unfortunately the concept of "Cooperation" is not an easy
concept for either the Government agencies or the Private Sector. While the
Private sector always approaches it with a "What is in it for me?" attitude,
Government agencies are uncomfortable with any kind of association with
private agencies.

Naavi.org has therefore now embarked on bringing together the NGOs first into
a "Digital Security Consortium" and sent out invitations to a few known
agencies. It appears that some of these NGOs which are presently engaged in
activities connected with the Internet are willing to come together under a
common umbrella of "Digital Security Consortium". Some additional thoughts on
this are available in the April issue of Cyber Laws For CxO.

I invite all interested organizations to contact me to take this concept
further.

May 9: A case has reportedly been filed against a BPO in Gurgaon for
allegedly tapping into the leased line of its neighbor and illegally using
the bandwidth, causing loss to the other company. Cases appear to have been
filed under IPC but not ITA 2008. It is however not clear whether the tapping
was intentional or accidental and whether it was caused by a mistake of the
service provider in wrongly connecting the leased lines.

May 9: With effect from October 27, 2009, certain information security
compliance requirements were initiated under ITA 2008 along with
a penalty clause. Accordingly, non-compliance with ITA 2008 could lead to both
civil and criminal liabilities on Indian companies. The already existing SEBI
listing guidelines extend the corporate governance requirement of the Clause 49
declaration by CEOs to cover compliance with ITA 2008 as well. It is
interesting to observe that the Cyber Security Bill introduced in the US on
6th instant directs civilian agencies to review the cyber threats they face and
show they have complied with the 2002 "Federal Information Security Management
Act" (FISMA) when submitting annual budgets.
Presently this could be applied to agencies which seek Government funds. But
the import is clear. Indian companies in the private sector are yet to
realize the impact of ITA 2008 and hopefully they will do so shortly. In the
meantime, e-Governance agencies also need to voluntarily undertake Cyber Law
Compliance audits for their projects and ensure that they do not overlook
Techno Legal Information Security for their projects.

Adjudicators Meet in Delhi

May 9: A National Seminar on enforcement of Cyber Laws was held
yesterday. Honorable Chief Justice of India Shri K G Balakrishnan
inaugurated the seminar. The seminar was organized by the Cyber Regulations
Appellate Tribunal under the leadership of Justice Shri Rajesh Tandon. During
his inaugural speech, the Chief Justice reiterated that the Government has the
right to block websites for pornography and other violations. (For a detailed
discussion on the system of Adjudication, view Cyber Laws for CxOs,
March 2010 edition.)

Indian Extradited to US for Online Fraud

May 7: An Indian national has been sentenced to 81 months in prison for his
alleged role in an international fraud scheme to "hack, pump and dump" online
brokerage accounts in the US.
Jaisankar Marimuthu, 36, a native of Chennai, who was extradited to the US
following his arrest in Hong Kong, was also ordered to pay $2.4
million in restitution by US District Judge Laurie Smith Camp in Nebraska.

Mumbai Police Arrest Army Man for Child Pornography

May 7: Based on a complaint received from Germany, Mumbai Police
arrested an army officer for child pornography related activities. He is
alleged to have uploaded certain pictures to a website and was also caught
downloading and storing obscene pictures.
Report in TOI

May 7: In a welcome move, the Government of India has introduced a
need for Security Clearance before telecom equipment is imported from China.
This was a long pending demand from security professionals since a large part
of Internet modems and ISP equipment is presently being imported from China.
Ever since Chinese hardware supplied for Credit Card processing in the UK was
found to have been implanted with chips which could steal data, it has been
pointed out that imports from China are a security threat. The current
ban/need for security clearance has to be extended to all telecom and computer
imports from China. Additionally, "Exports" from India which could be leading
to transfer of technology should also be put under review.

May 7: The Adjudicator of Tamil Nadu jolted Indian Bankers out of their cozy
slumber by his decision on April 12, 2010 in the case of Umashankar
Sivasubramaniam Vs ICICI Bank. In this case, the adjudicator PWC Davidar held
ICICI Bank liable to pay damages to the extent of Rs 12.85 lakh on an alleged
"phishing" fraud incident involving fraudulent transfer of an amount of Rs 6.46
lakh. In the ICICI Bank phishing fraud case, the Adjudicator clearly documents
the reasons why he considers it necessary to hold the bank liable not only to
repay the involved amount, but also interest and other expenses.
More in searchsecurity.com

US Cyber Security Summit calls for Better Collaboration

May 6: An international Cyber Security Summit in
Dallas called for more Public Private Collaboration to develop an
international framework for a secure cyberspace. It may be recalled that the
Bangalore Cyber Security Summit held last year had also highlighted the need
for public-private cooperation in Cyber Security and Naavi had presented a
paper on "Building Sustainability in Public Private Partnerships". Some of the
key Indian officials who missed the Bangalore Cyber Security Summit have taken
the trouble to attend the Dallas summit and perhaps will come back with some
action plans for India. Recently Naavi.org has proposed a "Digital Security
Consortium" as a means of bringing together Indian entities who are working in
Secure Cyber Space, which is a step in this direction.

DNS Queries to be Digital Signature based

May 2: On May 5, the 13 DNS root servers maintained
by ICANN for domain name resolution will start exchanging data based on
digital signatures. This is expected to improve the security of the system.
ISPs are expected to have made necessary changes in their system to be able to
properly receive the incoming responses so that the internet services remain
unaffected.

Rules under Sec 43A expected in May 2010

May 1: Speaking at the IBA-DSCI seminar on Security
Framework in Indian Banks, Dr Gulshan Rai, Director, CERT-IN indicated that
rules under Section 43A are expected to be announced around May 10, 2010. He
also indicated that notification of cyber crime incidents by Banks to CERT-IN
may also be necessary. He also took note that the software vendors are not
auditing the banking software from the security point of view.

Security Incident Reporting System for Banks

May 1: The RBI Governor, speaking at an IBA-DSCI seminar
in Mumbai on April 26th, called for the setting up of a dedicated institutional
set up for reporting of security breach incidents in the financial sector and
called upon IDRBT to work towards it. He has reiterated the need for Bankers
to upgrade their information security measures in the light of threats
arising in technology banking. He has also spelt out
"Ten Commandments of Security"
which the Bankers need to consider. These include employee awareness, policies
and procedures, timely security, appropriate investment, business
reengineering, modernization, data integrity etc. Naavi's design of ITA 2008
compliance programme addresses all these issues. Watch out for a more detailed
note on this.

PR Syndicate honours 'Cyber Law Guru of India', Na.Vijayashankar

PR Syndicate (an organization of Corporate PR Professionals in Chennai) celebrated
its First Anniversary on 20th January 2007 at Russian Cultural Centre. On the
occasion, the "Award of Excellence in Public Life" was presented to 'Cyber Law
Guru of India' Na.Vijayashankar.

Naavi's latest book "Cyber Laws Demystified" was soft launched at
the Nimhans Convention Center during the Indian Police Congress. The book is a
comprehensive coverage on Cyber Laws both ITA-2000 as well as IPR and other
issues.

Structured into 24 chapters it also covers the proposed amendments to ITA-2000
in detail as an appendix. A copy of the Information Technology Act 2000 is also
appended to the book.

The book also has several individual chapters on the legal issues of Cyber
Banking, Cyber Advertising, Cyber Taxation and Cyber Terrorism.

Naavi.org is India's premier portal on Cyber Law. It is
not only an information portal containing information on several aspects
concerning Information Technology Law in India but also represents the focal
point of several services around Cyber Law carried on by Naavi.

The first such service is the Cyber Law College a virtual
Cyber Law education center in India which provides various courses on Cyber Law.

The second key service is the Cyber Evidence Archival
center which provides a key service to help administration of
justice in Cyber Crime cases.

The third key service is the domain name look-alikes
dispute resolution service, which provides a unique solution for websites with
similar looking domain names to coexist.

The fourth key service is the online mediation and
arbitration service another unique global service.

The fifth key service is the CyLawCom service which
represents the Cyber Law Compliance related education, audit and implementation
assistance service.

Additionally, Naavi.org is in the process of development
of four sub organizations namely the Digital Society Foundation, Naavi.net,
International Cyber Law Research Center and Cyber Crime Complaints and
Resolution Assistance Center. Digital Society Foundation is a Trust formed with
the objective of representing the voice of Netizens in various fora and work
like an NGO to protect their interests. Naavi.net is meant to develop a
collaborative distributed network of LPO consultants. International Cyber Law
Research Center would support research in Cyber Laws and Cyber Crime Complaints
and Resolution Assistance Center would try to provide some support to victims of
Cyber Crimes.

Together, Naavi.org represents a "Cyber Law Vision" that
goes beyond being a mere portal. Started in 1997, when the concept of Cyber Law
was new across the globe, consistent efforts over the last decade have brought
Naavi.org to the beginning of "Phase 2" in which the services are ready to reach
out to a larger section. This is recognized as the phase of collaborations and
growth by association. Naavi.org will therefore be entering into a series of
associations to develop each dimension of its vision with an appropriate
partner. Individuals, Organizations and Commercial houses which have synergistic
relationship with the activities of Naavi.org are welcome to join hands in
commercial and non commercial projects of Naavi.org.